'\" t
.TH "SYSTEMD\-DETECT\-VIRT" "1" "" "systemd 254" "systemd-detect-virt"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
systemd-detect-virt \- Detect execution in a virtualized environment
.SH "SYNOPSIS"
.HP \w'\fBsystemd\-detect\-virt\fR\ 'u
\fBsystemd\-detect\-virt\fR [OPTIONS...]
.SH "DESCRIPTION"
.PP
\fBsystemd\-detect\-virt\fR
detects execution in a virtualized environment\&. It identifies the virtualization technology and can distinguish full machine virtualization from container virtualization\&.
systemd\-detect\-virt
exits with a return value of 0 (success) if a virtualization technology is detected, and non\-zero (error) otherwise\&. By default, any type of virtualization is detected, and the options
\fB\-\-container\fR
and
\fB\-\-vm\fR
can be used to limit what types of virtualization are detected\&.
.PP
When executed without
\fB\-\-quiet\fR,
\fBsystemd\-detect\-virt\fR
will print a short identifier for the detected virtualization technology\&. The following technologies are currently identified:
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&1.\ \&Known virtualization technologies (both VM, i\&.e\&. full hardware virtualization, and container, i\&.e\&. shared kernel virtualization)
.TS
allbox tab(:);
lB lB lB.
T{
Type
T}:T{
ID
T}:T{
Product
T}
.T&
lt l l
^ l l
^ l l
^ l l
^ l l
^ l l
^ l l
^ l l
^ l l
^ l l
^ l l
^ l l
^ l l
^ l l
^ l l
^ l l
^ l l
l l l
lt l l
^ l l
^ l l
^ l l
^ l l
^ l l
^ l l
^ l l
^ l l
^ l l.
T{
VM
T}:T{
\fIqemu\fR
T}:T{
QEMU software virtualization, without KVM
T}
:T{
\fIkvm\fR
T}:T{
Linux KVM kernel virtual machine, in combination with QEMU\&. Not used for other virtualizers using the KVM interfaces, such as Oracle VirtualBox or Amazon EC2 Nitro, see below\&.
T}
:T{
\fIamazon\fR
T}:T{
Amazon EC2 Nitro using Linux KVM
T}
:T{
\fIzvm\fR
T}:T{
s390 z/VM
T}
:T{
\fIvmware\fR
T}:T{
VMware Workstation or Server, and related products
T}
:T{
\fImicrosoft\fR
T}:T{
Hyper\-V, also known as Viridian or Windows Server Virtualization
T}
:T{
\fIoracle\fR
T}:T{
Oracle VM VirtualBox (historically marketed by innotek and Sun Microsystems), for legacy and KVM hypervisor
T}
:T{
\fIpowervm\fR
T}:T{
IBM PowerVM hypervisor \(em comes as firmware with some IBM POWER servers
T}
:T{
\fIxen\fR
T}:T{
Xen hypervisor (only domU, not dom0)
T}
:T{
\fIbochs\fR
T}:T{
Bochs Emulator
T}
:T{
\fIuml\fR
T}:T{
User\-mode Linux
T}
:T{
\fIparallels\fR
T}:T{
Parallels Desktop, Parallels Server
T}
:T{
\fIbhyve\fR
T}:T{
bhyve, FreeBSD hypervisor
T}
:T{
\fIqnx\fR
T}:T{
QNX hypervisor
T}
:T{
\fIacrn\fR
T}:T{
\m[blue]\fBACRN hypervisor\fR\m[]\&\s-2\u[1]\d\s+2
T}
:T{
\fIapple\fR
T}:T{
\m[blue]\fBApple virtualization framework\fR\m[]\&\s-2\u[2]\d\s+2
T}
:T{
\fIsre\fR
T}:T{
\m[blue]\fBLMHS SRE hypervisor\fR\m[]\&\s-2\u[3]\d\s+2
T}
:T{
\fIgoogle\fR
T}:T{
\m[blue]\fBGoogle Compute Engine\fR\m[]\&\s-2\u[4]\d\s+2
T}
T{
Container
T}:T{
\fIopenvz\fR
T}:T{
OpenVZ/Virtuozzo
T}
:T{
\fIlxc\fR
T}:T{
Linux container implementation by LXC
T}
:T{
\fIlxc\-libvirt\fR
T}:T{
Linux container implementation by libvirt
T}
:T{
\fIsystemd\-nspawn\fR
T}:T{
systemd\*(Aqs minimal container implementation, see \fBsystemd-nspawn\fR(1)
T}
:T{
\fIdocker\fR
T}:T{
Docker container manager
T}
:T{
\fIpodman\fR
T}:T{
\m[blue]\fBPodman\fR\m[]\&\s-2\u[5]\d\s+2 container manager
T}
:T{
\fIrkt\fR
T}:T{
rkt app container runtime
T}
:T{
\fIwsl\fR
T}:T{
\m[blue]\fBWindows Subsystem for Linux\fR\m[]\&\s-2\u[6]\d\s+2
T}
:T{
\fIproot\fR
T}:T{
\m[blue]\fBproot\fR\m[]\&\s-2\u[7]\d\s+2 userspace chroot/bind mount emulation
T}
:T{
\fIpouch\fR
T}:T{
\m[blue]\fBPouch\fR\m[]\&\s-2\u[8]\d\s+2 Container Engine
T}
.TE
.sp 1
.PP
If multiple virtualization solutions are used, only the "innermost" is detected and identified\&. That means if both machine and container virtualization are used in conjunction, only the latter will be identified (unless
\fB\-\-vm\fR
is passed)\&.
.PP
Windows Subsystem for Linux is not a Linux container, but an environment for running Linux userspace applications on top of the Windows kernel using a Linux\-compatible interface\&. WSL is categorized as a container for practical purposes\&. Multiple WSL environments share the same kernel, and services should generally behave as they do when run in a container\&.
.SH "OPTIONS"
.PP
The following options are understood:
.PP
\fB\-c\fR, \fB\-\-container\fR
.RS 4
Only detects container virtualization (i\&.e\&. shared kernel virtualization)\&.
.RE
.PP
\fB\-v\fR, \fB\-\-vm\fR
.RS 4
Only detects hardware virtualization\&.
.RE
.PP
\fB\-r\fR, \fB\-\-chroot\fR
.RS 4
Detect whether invoked in a
\fBchroot\fR(2)
environment\&. In this mode, no output is written, but the return value indicates whether the process was invoked in a
\fBchroot()\fR
environment or not\&.
.RE
.PP
\fB\-\-private\-users\fR
.RS 4
Detect whether invoked in a user namespace\&. In this mode, no output is written, but the return value indicates whether the process was invoked inside of a user namespace or not\&. See
\fBuser_namespaces\fR(7)
for more information\&.
.RE
.PP
\fB\-\-cvm\fR
.RS 4
Detect whether invoked in a confidential virtual machine\&. The result of this detection may be used to disable features that should not be used in confidential VMs\&. It must not be used to release security sensitive information\&. The latter must only be released after attestation of the confidential environment\&.
.RE
.PP
\fB\-q\fR, \fB\-\-quiet\fR
.RS 4
Suppress output of the virtualization technology identifier\&.
.RE
.PP
\fB\-\-list\fR
.RS 4
Output all currently known and detectable container and VM environments\&.
.RE
.PP
\fB\-\-list\-cvm\fR
.RS 4
Output all currently known and detectable confidential virtualization technologies\&.
.RE
.PP
\fB\-h\fR, \fB\-\-help\fR
.RS 4
Print a short help text and exit\&.
.RE
.PP
\fB\-\-version\fR
.RS 4
Print a short version string and exit\&.
.RE
.SH "EXIT STATUS"
.PP
If a virtualization technology is detected, 0 is returned; otherwise a non\-zero code is returned\&.
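.PP
Added example (not part of the systemd documentation or code): POSIX shell functions that query \-\-vm and \-\-container separately, since only the innermost technology is reported by default, and that use \-\-cvm only to switch a feature off\&. The DETECT_VIRT variable and the function names are assumptions of this example\&.
.nf

```shell
#!/bin/sh
# Added example, not part of systemd. DETECT_VIRT is an assumption of this
# example: it names the command to run, so a stub can replace the real tool.
DETECT_VIRT=${DETECT_VIRT:-systemd-detect-virt}

# Print the identifier for one layer (--vm or --container), or "none".
# The exit status decides whether anything was detected.
virt_layer() {
    if id=$("$DETECT_VIRT" "$1" 2>/dev/null) && [ -n "$id" ]; then
        echo "$id"
    else
        echo none
    fi
}

# Classify the environment by querying each layer separately, because the
# default invocation identifies only the innermost technology.
virt_kind() {
    if ! command -v "$DETECT_VIRT" >/dev/null 2>&1; then
        echo unknown      # tool missing: do not report "bare-metal"
        return 2
    fi
    vm=$(virt_layer --vm)
    ct=$(virt_layer --container)
    case "$vm/$ct" in
        none/none) echo "bare-metal" ;;
        none/*)    echo "container:$ct" ;;
        */none)    echo "vm:$vm" ;;
        *)         echo "container:$ct in vm:$vm" ;;
    esac
}

# Succeeds if a feature unsuitable for confidential VMs may stay enabled.
# Detection only switches the feature off; it is never the basis for
# releasing secrets, which the page reserves for after attestation.
feature_allowed() {
    command -v "$DETECT_VIRT" >/dev/null 2>&1 || return 1   # cannot tell: off
    if "$DETECT_VIRT" --cvm --quiet >/dev/null 2>&1; then
        return 1          # confidential VM detected: disable
    fi
    return 0
}
```

.fi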
.SH "SEE ALSO"
.PP
\fBsystemd\fR(1),
\fBsystemd-nspawn\fR(1),
\fBchroot\fR(2),
\fBnamespaces\fR(7)
.SH "NOTES"
.IP " 1." 4
ACRN hypervisor
.RS 4
\%https://projectacrn.org
.RE
.IP " 2." 4
Apple virtualization framework
.RS 4
\%https://developer.apple.com/documentation/virtualization
.RE
.IP " 3." 4
LMHS SRE hypervisor
.RS 4
\%https://www.lockheedmartin.com/en-us/products/Hardened-Security-for-Intel-Processors.html
.RE
.IP " 4." 4
Google Compute Engine
.RS 4
\%https://cloud.google.com/compute
.RE
.IP " 5." 4
Podman
.RS 4
\%https://podman.io
.RE
.IP " 6." 4
Windows Subsystem for Linux
.RS 4
\%https://docs.microsoft.com/en-us/windows/wsl/about
.RE
.IP " 7." 4
proot
.RS 4
\%https://proot-me.github.io/
.RE
.IP " 8." 4
Pouch
.RS 4
\%https://github.com/alibaba/pouch
.RE
